You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by su...@apache.org on 2018/09/13 12:17:30 UTC

hadoop git commit: YARN-8630. ATSv2 REST APIs should honor filter-entity-list-by-user in non-secure cluster when ACls are enabled. Contributed by Rohith Sharma K S.

Repository: hadoop
Updated Branches:
  refs/heads/trunk e08462715 -> f4bda5e8e


YARN-8630. ATSv2 REST APIs should honor filter-entity-list-by-user in non-secure cluster when ACls are enabled. Contributed by Rohith Sharma K S.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/f4bda5e8
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/f4bda5e8
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/f4bda5e8

Branch: refs/heads/trunk
Commit: f4bda5e8e9fee6c5a0dda7c79ef14e73aec20e7e
Parents: e084627
Author: Sunil G <su...@apache.org>
Authored: Thu Sep 13 17:47:02 2018 +0530
Committer: Sunil G <su...@apache.org>
Committed: Thu Sep 13 17:47:21 2018 +0530

----------------------------------------------------------------------
 .../reader/TimelineReaderWebServices.java                |  4 ++--
 .../reader/TestTimelineReaderWebServicesBasicAcl.java    | 11 ++++++++---
 2 files changed, 10 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/f4bda5e8/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
index b10b705..3a4ea2e 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
@@ -3532,9 +3532,9 @@ public class TimelineReaderWebServices {
   static boolean checkAccess(TimelineReaderManager readerManager,
       UserGroupInformation ugi, String entityUser) {
     if (isDisplayEntityPerUserFilterEnabled(readerManager.getConfig())) {
-      if (ugi != null && !validateAuthUserWithEntityUser(readerManager, ugi,
+      if (!validateAuthUserWithEntityUser(readerManager, ugi,
           entityUser)) {
-        String userName = ugi.getShortUserName();
+        String userName = ugi == null ? null : ugi.getShortUserName();
         String msg = "User " + userName
             + " is not allowed to read TimelineService V2 data.";
         throw new ForbiddenException(msg);

http://git-wip-us.apache.org/repos/asf/hadoop/blob/f4bda5e8/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
index 6651457..6ad4427 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
@@ -88,9 +88,14 @@ public class TestTimelineReaderWebServicesBasicAcl {
     Assert.assertFalse(TimelineReaderWebServices
         .validateAuthUserWithEntityUser(manager, null, user1));
 
-    // true because ugi is null
-    Assert.assertTrue(
-        TimelineReaderWebServices.checkAccess(manager, null, user1));
+    // false because ugi is null in non-secure cluster. User must pass
+    // ?user.name as query params in REST end points.
+    try {
+      TimelineReaderWebServices.checkAccess(manager, null, user1);
+      Assert.fail("user1Ugi is not allowed to view user1");
+    } catch (ForbiddenException e) {
+      // expected
+    }
 
     // incoming ugi is admin asking for entity owner user1
     Assert.assertTrue(


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org